File: modsecurity_crs_11_avs_traffic.conf

package info (click to toggle)
modsecurity-crs 2.2.9-1+deb8u1
  • links: PTS
  • area: main
  • in suites: jessie
  • size: 3,064 kB
  • ctags: 219
  • sloc: perl: 1,002; ansic: 727; ruby: 69; makefile: 18
file content (31 lines) | stat: -rw-r--r-- 1,434 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# ---------------------------------------------------------------
# Core ModSecurity Rule Set ver.2.2.9
# Copyright (C) 2006-2012 Trustwave All rights reserved.
#
# The OWASP ModSecurity Core Rule Set is distributed under 
# Apache Software License (ASL) version 2
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------


#
# This ruleset allows you to control how ModSecurity will handle traffic originating
# from Authorized Vulnerability Scanning (AVS) sources.
# See related blog post -
# http://blog.spiderlabs.com/2010/12/advanced-topic-of-the-week-handling-authorized-scanning-traffic.html
#

#
# White-list ASV network block (no blocking or logging of AVS traffic)
# Update IP network block as appropriate for your AVS traffic
#SecRule REMOTE_ADDR "@beginsWith 192.168.1." "phase:1,id:'981033',t:none,nolog,pass,allow"

#
# Recommended "Block but Don't Log" rule for scanning traffic
# Update IP address/network block as appropriate for your ASV traffic
#SecRule REMOTE_ADDR "@streq 192.168.1.101" "phase:1,id:'981034',t:none,nolog,pass,ctl:auditEngine=Off"

# Recommended phase 3 rule that will re-enable the audit engine if the request
# was not blocked by one of the normal rules.
# Update IP address/network block as appropriate for your ASV traffic
#SecRule REMOTE_ADDR "@streq 192.168.1.101" "phase:3,id:'981035',t:none,nolog,pass,ctl:auditEngine=On"